Yes, however, there is a workaround. Type about
:config into the browser address bar and hit the enter key.
Look for the following entry: network.enableIDN
Highlight that entry and double-click it to change the boolean value from true to false.
This will disallow a malicious webpage, that attempts to exploit this vulnerability, to load at all.
I have tried it on a test webpage and it stops the exploit from working by not allowing the exploit webpage to load